Prevent hacker intrusion system from establishing hidden accounts

In the face of hackers in their own computer to create a hidden account, users should do? Although the account hiding technology is the most concealed backdoor, it is difficult for the general users to find hidden accounts in the system. In fact, as long as the user carefully observed to do the following, that can find the mystery.

Put "hidden account" out of the system

Hidden accounts are a huge threat. Therefore, we need to make an understanding of the prevention technology, the hidden account completely please out of the system

1, add "contentrdquo" symbol-type hidden account

This kind of hidden account detection is relatively simple. General hackers in this way to create a hidden account, the hidden account will be elevated to administrator rights. Then we just need to enter "net localgroup Administrators" in the command prompt to make all the hidden accounts visible. If trouble, you can directly open the "Computer Management" for viewing, add "contentrdquo symbol of the account is not hidden here."

2, modify the registration form hidden account

Because accounts that are hidden using this method are not seen in command prompt and Computer Management, you can delete hidden accounts in the registry. Come to the "hkey_local_machinesamsamdomainsaccountusersnames", the existing account and "Computer Management" in the account of the comparison, the more out of the account is hidden account. It is also easy to delete it by simply deleting the item named by the account.

3, unable to see the name of the hidden account

If the hacker has made a modified registry-type hidden account, the administrator's permission to operate the registry has been removed on this basis. The administrator is unable to delete the hidden account through the registry, or even know the hidden account name created by the hacker. But the world is not absolutely, we can use the "Group Policy" help, so that hackers can not login through the hidden account. Click "Start" → "Run", enter "Gpedit.msc" to run Group Policy, expand Computer Configuration → "Windows settings" → "Security Settings" → "Local Policy" → "Audit Policy", double-click "Audit policy change" on the right, and check "success" in the pop-up Settings window. And then "OK". Make the same settings for audit logon events and audit process tracking.

4. Open the Login event audit function

After the landing audit, you can record any account login, including hidden accounts, so that we can through the "Computer Management" in the "Event Viewer" accurately know the name of the hidden account, or even the time of the hacker landing. Even if hackers delete all log logs, the system will also record which account deleted the system log, so that the hacker's hidden account will be exposed. To find hidden accounts through Event Viewer

It would be nice to know the name of the hidden account, but we still can't delete the hidden account because we don't have permission. However, we can change the password for this hidden account by entering "net user hidden account name 654321" at the command prompt. This hidden account will be invalidated and the hacker can no longer log in with the hidden account.

Summarize:

Each hacker has its own hidden method, but the change is not, the hacker invaded a computer in which the hidden account name and password method but above several. Readers have time to see whether their own computer has hidden accounts, so that hackers have nowhere to hide!